package com.example.eureka.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

	/**
	 * 高版本的丢弃了
	 * security: basic: enabled: true
	 * 配置，应该使用以下方式开启
	 * @param http
	 * @throws Exception
	 */
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// Configure HttpSecurity as needed (e.g. enable http basic).
		http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
		http.csrf().disable();
		// 注意：为了可以使用 http://${user}:${password}@${host}:${port}/eureka/
		// 这种方式登录,所以必须是httpBasic,
		// 如果是form方式,不能使用url格式登录
		http.authorizeRequests().anyRequest().authenticated().and().httpBasic();
	}
	
	/**
	 * 使用自顶的PasswordEncoder完成Authentication初始化校验
	 * userName:Dustyone-->Mandatory 
	 * password:bai5331359 -->Mandatory
	 * role:USER -->Optional
	 */
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {

		auth.inMemoryAuthentication().passwordEncoder(new SecurityPasswordEncoder())// 在此处应用自定义PasswordEncoder
				.withUser("Dustyone").password("bai5331359").roles("USER");
	}

}
